Healthcare Features
- Details
- Written by: Sean Clement
- Category: Healthcare Features
- Hits: 1543
The Information Commissioner and the Department for Communities and Local Government jointly wrote to all local authority chief executives last month reminding them of their obligations under the Data Protection Act.
Christopher Graham, the Commissioner, and Sir Bob Kerslake, Permanent Secretary at the DCLG, also warned that the importance of looking after individuals’ personal information would take on “even greater importance” with the proposed transfer of responsibility for public health matters from the NHS to local authorities.
News of the letter came as five more councils gave undertakings to the ICO after breaching the DPA. The watchdog said all five cases involved the authorities failing to take steps to ensure personal information was secure.
One authority, Basingstoke and Deane Borough Council, admitted to breaching the Act on four separate occasions over a two-month period in 2011. An employee of Brighton and Hove Council meanwhile emailed the details of another member of staff’s personal data to 2,821 council workers in July last year.
The other councils giving undertakings to the ICO were: Dacorum Borough Council, Bolton Council and Craven District Council. None received a monetary penalty, however.
The ICO has also served an enforcement notice on a sixth council, Staffordshire County Council, over the mishandling of a subject access request.
In their joint letter Kerslake and Graham emphasised the importance of good information governance.
“We recognise the practical difficulties that you face in trying to achieve this objective against a background of re-organisation and financial constraint, but – with the localism agenda in mind – it is vital that information governance receives high level support in your organisation, from you and your senior colleagues,” they wrote.
Kerslake and Graham said they hoped the ICO’s powers to use monetary penalties would need to be used “only sparingly”, but highlighted the recent £130,000 penalty imposed on Powys County Council. (This has since been exceeded by the £140,000 penalty levied on Midlothian Council)
The letter said there were some actions that all local authorities “can and should take” to reduce the likelihood of a penalty being imposed. In this respect, all local authorities should:
- “Have identified and trained a board level individual to act as the Senior Information Risk Owner;
- Continuously make staff aware of the existing information governance policies and guidelines, emphasising the importance of following them in practice and that a breach of policy will be regarded as a disciplinary matter; and
- Ensure that all staff undertake regular and relevant information governance training.”
Kerslake and Graham also stressed how transparency was a key priority for local government, saying it was important for all authorities to get into the practice of making information available proactively.
“The free availability of non-personal information is the key to the success of Government’s localism agenda,” the letter said. “It is also a legal requirement of the FOI Act and the Commissioner does have enforcement powers to ensure local authorities meet their legal obligations where it becomes clear that they are not already doing so.”
The letter also highlighted the ICO’s offer of data protection audits and the watchdog’s recently published Data Sharing Code of Practice.
Kerslake and Graham concluded: “Both of us would like to ensure that good information governance supports a successful approach to transparency while continuing to protect the privacy of individuals.
“Where, despite our joint efforts, data protection obligations are not met, the ICO will exercise its enhanced powers to take whatever action is appropriate. We hope that this will only be an exceptional approach.”
The Information Commissioner recently submitted a business case to the Ministry of Justice calling for the extension of his compulsory audit powers over central government to cover local government and the NHS.
Commenting today [10 February] Graham said: “At a time when councils are increasingly working with community partners, when data is shared it is vital that they uphold their legal responsibilities under the Data Protection Act. Failures not only put local residents’ privacy at risk, but also mean that councils could be in line for a sizeable monetary penalty.
“We must also consider the detrimental impact these breaches continue to have on the individuals affected."
Philip Hoult
- Details
- Written by: Sean Clement
- Category: Healthcare Features
- Hits: 2157
NHS Gloucestershire has halted controversial plans to transfer services and more than 3,000 health staff to a social enterprise.
The transfer to a community interest company (CIC) had been set to go ahead on 1 October 2011, but was delayed after campaigners launched legal action.
The primary care trust said this week that it had reached an agreement with the claimant, local resident Michael Lloyd, to bring the proceedings to an end.
NHS Gloucestershire said the agreement not to proceed with the transfer to the CIC “at this time” had been reached “in view of the matters raised in court and without in any way accepting that there is merit in the legal complaints made by Mr Lloyd”.
Instead of pressing ahead with the CIC plan, the NHS trust will start a new process of finding the best option for community services in the county.
This will include advertising for expressions of interest for the provision of NHS services in Gloucestershire.
NHS Gloucestershire said it would also “take necessary steps to ensure an appropriate level of staff and public engagement”.
The PCT said it would then make a decision about whether to enter into arrangements with another NHS body for the provision of community healthcare services or whether it would provide services through a different arrangement, such as a CIC.
In a joint statement, NHS Gloucestershire and Mr Lloyd said: "Both parties agree that the public of Gloucestershire deserve the best possible NHS services. We recognise the need for efficient use of public funds and believe that an end to legal proceedings is in everyone's interest - particularly patients.
“The PCT recognises that it is important to maintain the confidence of patients, public and staff in decisions made concerning NHS services in our county.”
Leigh Day & Co partner Richard Stein, Mr Lloyd’s solicitor, said: “Mr Lloyd is extremely pleased with the outcome of the case. Gloucestershire PCT will now explore the possibility of being able to continue to deliver community health services within the NHS, which is in the best interests of patients and the PCT staff who deliver the services."
- Details
- Written by: Sean Clement
- Category: Healthcare Features
- Hits: 791
The Official Solicitor wrote to the President of the Court of Protection in December to inform him that he had reached the limit of his resources with regard to healthcare and welfare cases, it has emerged.
The Court of Protection team at 39 Essex Street, which revealed the existence of the letter in its monthly newsletter, described the development as of “very considerable significance for those concerned with health and welfare matters”.
The CoP team said: “As a result of this development, we understand that the Official Solicitor's position is that he is unable to accept invitations to act in any except the most urgent cases, namely serious medical treatment cases and section 21A appeals, other than those brought by the relevant person's representative. Section 21A appeals may be subject to a delay until a lawyer/case manager becomes available.
“All other cases, even where his acceptance criteria are met, are being placed on a waiting list. These cases will be accepted in accordance with the best estimate that can be given to their weighting and priority when a case manager becomes available to manage the case.”
The CoP team at 39 Essex Street said it also understood that this policy would remain in place until the volume of new cases reduced, or the Official Solicitor's resources for healthcare and welfare cases could be increased, or both, to enable him to revert to the previous acceptance policy.
- Details
- Written by: Sean Clement
- Category: Healthcare Features
- Hits: 6339
The Information Commissioner has sharply criticised public bodies and companies for the high number of mishandled subject access requests.
Complaints about such requests accounted for more than a third (38%) of the Information Commissioner’s Office’s data protection specific casework in the last financial year.
Speaking last week, Christopher Graham, said: “Organisations that handle personal information need to remember that customer records are not simply their property - the individuals who do business with them also have rights. We are seeing far too many complaints that could easily have been avoided if they’d been given serious and timely consideration.
“The result of mishandling requests is not simply a blip on customer service satisfaction levels, it can cause individuals a great deal of upset. The people who are making these requests are not doing it for fun; the vast majority are seeking resolutions to real problems – such as being refused credit or making important decisions about their health.”
The ICO has launched an awareness-raising campaign – called Access Aware – on the issue.
It said health bodies and banking and finance companies had been identified as the worst performing sectors in relation to handling subject access requests. “A more general problem around access to employee records has also been noted across all sectors,” the watchdog said.
The ICO said health bodies and policing and crime organisations continued to generate a high level of subject access related complaints.
According to the ICO, almost half (45%) of data protection specific complaints about health bodies in 2010/11 concerned mishandled requests. “In the same year, 34% of data protection specific complaints in the policing and criminal justice sector were about subject access,” it added.